In the latest bulletin, Charlie discusses the introduction of learning theories in exercising and looks into why these theories are useful when conducting an exercise.
I was in London this week at a meeting of all those who hold the NCSC’s (National Cyber Security Centre’s) Certified Incident Exercising (CIE) scheme. One of the discussions at our table was about the experience of the people providing the exercises and whether the NCSC’s vetting of the organisations certified under the scheme was sufficient. As well as discussing what experience companies should have in delivering exercises, we also debated whether we should have training qualifications, as exercises are basically a form of learning. This got me thinking.
When we deliver an exercise, many of the key decisions are made by the client. They usually have an idea of what the scenario is, the style of the exercise (tabletop or live/SIMEX), which is often determined by their budget, and also how they might like it to be run. We take this and layer on our expertise, such as developing the objectives for the exercise, the detailed scenario, the performance indicators for evaluating the exercise, and how it is delivered and reported on. At PlanB Consulting, we have been delivering exercises for 17 years, and I personally have been running them for 30 years (ouch), so we are quite good at them.
From the conversation this week and on the long train journey back to Glasgow, I got thinking about the issue. We are good at delivering the mechanics of an exercise, the clients enjoy them and feel they are worthwhile, and they get good learning from them. However, we never really think about how we maximise the learning from the exercises we deliver or how people learn. By understanding this better, we can adapt the delivery of the exercise or the follow-up to ensure the client gains maximum benefit for the time and money spent on them.
Now, it may be that we implement many of the learning theories and methods naturally without consciously adhering to them, but there may be additional ways we can adapt our exercises and improve the learning experience, without greatly changing our delivery methods.
In a wander around the internet, I came across a couple of types of learning that resonated with me. The first was experiential learning. This approach emphasises gaining knowledge and skills through direct experience and reflection rather than traditional academic methods. It often involves hands-on activities, real-world problem-solving, and active participation. This seemed to be very much aligned to the learning from a SIMEX, where you try to make the experience of the incident team being exercised as close to reality as possible. You put them under pressure by phoning in injects, forcing them to make no-win decisions at short notice with limited information. They must log and manage information and play their role as if they were in a real incident. Perhaps if we wanted to implement this way of learning further, we should spend more time on the reflection after the exercise.
Often, in a three-hour exercise, as they tend to overrun, we may spend only 15 minutes on reflection, which is just 8% of the session. If we doubled this to 30 minutes, would we create a better learning experience by allowing more time for reflection? Should we introduce follow-up reflection a week or so after the exercise to reinforce the learning once people have had time to process the experience? It would require more time spent on the task, but perhaps it would bring greater benefits?
The second type of learning I came across was behaviourist learning. This theory emphasises how behaviour is shaped by external stimuli, reinforcement, and repetition rather than internal thought processes. It suggests that people learn best when they receive positive reinforcement for correct actions and negative reinforcement or correction for mistakes. This lends itself well to drills such as fire practices. These are repetitive exercises carried out without participants needing to think about how they should respond. The organisation can be praised if they evacuate within their allotted time or made to repeat the drill if they fail to meet the time requirement. Participants receive real-time feedback immediately after completing the exercise, which is more effective than waiting too long after the drill to provide feedback.
Having had little time to reflect on my thoughts from this week, I think I will leave it there for this bulletin. However, I would be interested in hearing from anyone who uses learning theories to drive their exercises rather than as an afterthought—or if it is not considered at all.
All thoughts are greatly appreciated, let me know if you need any further refinements!
